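/* $NetBSD: user.c,v 1.3 2021/08/14 16:14:58 christos Exp $ */

/* user.c - set user id, group id and group access list */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2021 The OpenLDAP Foundation.
 * Portions Copyright 1999 PM Lashley.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: user.c,v 1.3 2021/08/14 16:14:58 christos Exp $");

#include "portable.h"

#if defined(HAVE_SETUID) && defined(HAVE_SETGID)

#include <stdio.h>

#include <ac/stdlib.h>

#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif

#include <ac/ctype.h>
#include <ac/unistd.h>

#include "slap.h"
#include "lutil.h"

/*
 * Set real and effective user id and group id, and group access list.
 *
 * user:  login name, or a numeric uid when the first character is a
 *        digit.  NULL leaves the uid unchanged.
 * group: group name, or a numeric gid when the first character is a
 *        digit.  NULL means the gid is taken from the passwd entry of
 *        `user`, if one was looked up.
 *
 * Every parse, lookup or set*id() failure is logged through Debug() and
 * terminates the process with EXIT_FAILURE; the function only returns
 * after all requested changes succeeded.
 *
 * Order of operations: initgroups(), then setgid()/setegid(), then
 * setuid()/seteuid().  The uid is changed last because the group calls
 * need the privileges that setuid() gives up.
 *
 * NOTE(review): the supplementary group list is replaced only when a
 * user name is known and getuid() == 0.  When only `group` is given, or
 * when a numeric user is given on a build without HAVE_GETPWUID, the
 * process keeps the supplementary groups it was started with.  Confirm
 * that this is the intended privilege set for those configurations.
 */

void
slap_init_user( char *user, char *group )
{
	uid_t uid = 0;
	gid_t gid = 0;
	int got_uid = 0, got_gid = 0;

	if ( user ) {
		struct passwd *pwd;
		if ( isdigit( (unsigned char) *user ) ) {
			unsigned u;

			got_uid = 1;
			/* lutil_atou() reports a parse failure with a non-zero return */
			if ( lutil_atou( &u, user ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse user %s\n",
					user );

				exit( EXIT_FAILURE );
			}
			uid = (uid_t)u;
#ifdef HAVE_GETPWUID
			/* a numeric uid must still map to a passwd entry; the
			 * shared check below rejects it otherwise */
			pwd = getpwuid( uid );
			goto did_getpw;
#else
			/* no reverse lookup available: the uid is used as given,
			 * and with no name the initgroups() step below is skipped */
			user = NULL;
#endif
		} else {
			pwd = getpwnam( user );
		did_getpw:
			if ( pwd == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
					user );

				exit( EXIT_FAILURE );
			}
			if ( got_uid ) {
				/* numeric form: switch to the login name so that
				 * initgroups() can be called with it.  pwd is known
				 * to be non-NULL here.  pw_name belongs to the C
				 * library; no further getpw*() call is made in this
				 * function before it is used. */
				user = pwd->pw_name;
			} else {
				got_uid = 1;
				uid = pwd->pw_uid;
			}
			/* default to the user's primary group; an explicit
			 * `group` argument overrides it below */
			got_gid = 1;
			gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
			endpwent();
#endif
		}
	}

	if ( group ) {
		struct group *grp;
		if ( isdigit( (unsigned char) *group )) {
			unsigned g;

			if ( lutil_atou( &g, group ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse group %s\n",
					group );

				exit( EXIT_FAILURE );
			}
			/* was cast through uid_t; gid_t is the type being assigned */
			gid = (gid_t)g;
#ifdef HAVE_GETGRGID
			grp = getgrgid( gid );
			goto did_group;
#endif
			/* without HAVE_GETGRGID the numeric gid is accepted
			 * without checking that such a group exists */
		} else {
			grp = getgrnam( group );
			if ( grp != NULL )
				gid = grp->gr_gid;
		did_group:
			if ( grp == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
					group );

				exit( EXIT_FAILURE );
			}
		}
		got_gid = 1;
	}

	if ( user ) {
		/* initgroups() is attempted only when the real uid is 0; for
		 * any other caller the step is skipped without a message */
		if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"Could not set the group access (gid) list\n" );

			exit( EXIT_FAILURE );
		}
	}

#ifdef HAVE_ENDGRENT
	endgrent();
#endif

	/* group ids first: see the ordering note in the header comment */
	if ( got_gid ) {
		if ( setgid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
				(int) gid );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEGID
		if ( setegid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
				(int) gid );

			exit( EXIT_FAILURE );
		}
#endif
	}

	if ( got_uid ) {
		/* a failed setuid() must be fatal: continuing would leave the
		 * server running with the identity it was started with */
		if ( setuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
				(int) uid );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEUID
		if ( seteuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
				(int) uid );

			exit( EXIT_FAILURE );
		}
#endif
	}
}

#endif /* HAVE_SETUID && HAVE_SETGID */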